Network Security Firewalls

Re: firewall suggestion

Subject: Re: firewall suggestion
Date: Tue, 22 Feb 2005 16:35:18 -0500
        Actually, the PIX 501 is an Am5x86 133MHz CPU, whereas the
NetScreens will run a MegaScreen or GigaScreen ASIC. The NetScreens
also use the same ASICs throughout the product lines, and the specs
are just software-limited. (I.e. a 5GT is the same ASIC as a 208.) The
PIX 506E is a P2 300MHz. But, I digress.

        In a $400 budget, you'll probably get more out of a NetScreen
5GT-10U. Namely, you get a butchered DMZ port (can't send /any/ data
from DMZ to trust side, no matter what ACL you set), and full layer 3
routing. So multiple OSPF and BGP instances.

        It's a matter of experience and personal choice, too. I've got
both PIXes and NetScreens deployed. Actually, scratch that; no PIXes
any more except at home. However, about 40 NetScreens of various
sizes...
        If you're new to hardware firewalling appliances and want easy
management, get a NetScreen. If you do Cisco stuff a PIX will work
out. Mostly.

        I can answer specific questions the list has, too. However,
since the budget is so low, there's not much you can do. If money is
no concern, that's when NetScreens really shine. I.e. half a dozen
208s doing full-mesh active/active with OSPF in the trust-vr and BGP
in the untrust-vr...

        -- Vlad


On Tue, 22 Feb 2005 17:37:35 +0100, Lamy Vincent <VLamy@groupama-am.fr> wrote:
 
Sorry but PIX is an ASIC based appliance too...... it's not a pc..... 
  
Vincent Lamy 
Network & Security Consultant
Service des Moyens Informatiques
Groupama Asset Management
Tel: +33 (0) 1 44 56 58 57
 
 
 ________________________________
From: charles antrim [mailto:chuck@securityfocus.com]
Sent: Saturday, 19 February 2005 03:00
To: tom.farrar@it-ps.com; chuck.ITPS@it-ps.com; kevin@retail-tech.com;
firewalls@securityfocus.com
Subject: Re: firewall suggestion

 
You speak with no authority my friend.  Head to head the Netscreen
outperforms any pc system.  The pix is a pc, the Netscreen is an ASIC based
appliance.  That alone is a differentiator.


On 2/17/05 1:17 AM, "tom.farrar@it-ps.com" <tom.farrar@it-ps.com> wrote:

 
The PIX 515 is far superior to netscreen's, full stop(.) - by concurrent
connections or VPN tunnel, or even throughput. I would love to see some
field reports for the netscreen 25 in comparison to the 515. The downside to
the PIX product is the management interface.. 

 
 
Tom Farrar
Data Centre Engineer
tom.farrar@it-ps.com

IT Professional Services


 ________________________________
 From: charles antrim [mailto:chuck] 
Sent: 17 February 2005 02:03
To: Tom Farrar; 'Kevin Russell'; firewalls@securityfocus.com
Subject: Re: firewall suggestion

The Juniper Netscreen 25 is a far better choice than any pix product.  The
netscreen blows away the pix on any head to head features and functionality.
 


On 2/16/05 6:07 AM, "Tom Farrar" <tom_farrar@msn.com> wrote:
Depending on how much flexibility you demand from the firewall a good choice
is a PIX 515. Also a suggestion is to collate your FTP and web server into
one, preferably a linux box - with the box you gain from the migration you
could build another linux box and stick squid and snort on that.
 
Another thing is to take into consideration what switch you are using, a
Catalyst 2950 would be a good buy for your internal lan.
 
Regards, 

 
Tom Farrar
Data Centre Engineer
tom.farrar@it-ps.com

IT Professional Services
 ________________________________
 
From: Kevin Russell [mailto:kevin@retail-tech.com]
Sent: 15 February 2005 14:36
To: firewalls@securityfocus.com
Subject: firewall suggestion


hi list

this is my first posting,

I am in the position to take over as network admin, mostly just for the
security of the machines/network... anyway, we have an older firewall
appliance,
it's a hotbrick, then a router and a switch 24 port, for the network mostly
just Windows machines, a 2k3 server std for the domain controller, and
two DMZ machines

1 is a web server and the other is a Linux ftp server, and we were thinking
of putting another 2k pro box up in the DMZ as a second web server. I'm
trying to get them to let me put an IDS sys into the mix, but to no avail. I
need some ideas on what you think would be the better setup for this
network (it's small, only about 15 clients in the office)

thx a lot for the help

I know it's a noob question....

thx






 


-- 
end
